Meet Eugene Kaspersky: the man on a mission to wage war against - and kill - the computer virus

He's helped protect enemies of the United States, yet counts the FBI as a client. Monica Attard meets Eugene Kaspersky, the former communist youth-wing member turned computer-security giant.

June 1, 2013 — 3.02am

He's a virus killer whose name can be found inside tens of millions of computers worldwide - and he sees vistas of cyber-warfare everywhere he looks. The FBI trusts him, even though he also counts Russia's Federal Security Service (FSB), the successor to the KGB, as a client. Given that Eugene Kaspersky's company, Kaspersky Lab, is well on its way to becoming the dominant player in the world of computer security, it's perhaps not surprising that the 47-year-old Muscovite believes that cyber-crime, in all its hues, is currently the biggest threat facing the global economy. It's big business.

He rattles off the threats: tailor-made cyber-weapons designed to destroy data at a specified time; new infection methods designed to target big business; malware (malicious software used to disrupt computer operations) attached to app stores that steal data from mobile phones; co-ordinated attacks on government communications and infrastructure. Not to mention the common banking frauds that rob the IT specialists employed by the world's major banking and financial institutions of their sleep every night. "And the number-one problem?" booms the slightly rumpled CEO, who bears more than a passing resemblance to the actor Philip Seymour Hoffman. "Cyber-weapons and cyber-espionage." And he's happy to identify the number-one offender, too. "China," he says emphatically.

Kaspersky now presides over a $US612-million-a-year private-tech empire, operating in nearly 200 countries. The company employs 2700 virus specialists and licenses its products to behemoths such as Microsoft, Cisco and IBM. "We are number four by revenue," he says. That is, number four after anti-virus giants Symantec, McAfee and Trend Micro.

Kaspersky's personal wealth is estimated to be $US1.18 billion. Out of 131 dollar-billionaires in Russia, Kaspersky is ranked 114. Not that money gets him out of bed in the morning, he insists. "I am saving the world for fun. I have enough money. Money has to be like oxygen. You have to have enough. I have enough."


Source codes: As a military cadet in the 1980s, Eugene Kaspersky studied at the KGB-administered Institute of Cryptography, Telecommunications and Computer Science.

At Kaspersky Lab headquarters in the industrial outskirts of Moscow, most of the geeks wandering its corridors look disconcertingly young - like 14. The software is installed in the computers of some 300 million users worldwide, who rely on it to be protected from viruses, worms, Trojan malware (it only looks like it's doing what the user wants), spyware and other malicious software, or malware, that is designed to steal information, money and identity. With each detection of a threat, Kaspersky Lab is able to add to its formidable database of known malware.

I'm permitted to enter only a few work areas. Technical manuals and the remains of disembowelled computers are strewn across desktops while, in common areas, employees huddle together in groups, occasionally erupting in spontaneous bouts of applause as they cheer themselves on to their next task. The scene is reminiscent of those in The Social Network, except this isn't Facebook, we're not in Palo Alto and the company CEO isn't a socially challenged nerd. On the contrary, Kaspersky is charmingly affable - chatty even - and appears to be liked and respected by his workforce. They refer to him as the Che Guevara of internet security. On the day I visit, the temperature plummets to an uninviting -20°C. My press contact, Anton Shingarev, walks me to the boss's office, which is surprisingly small. "I'm not here that often," Kaspersky explains in half-apology.

Kaspersky isn't tall, just bulkily Russian, with a touch of zen about him. Wearing jeans and a T-shirt that's seen better days, he doesn't look like one of Russia's infamous über rich. There's no Armani suit, no Rolex watch, no spivvy haircut. He's intense, but friendly. I feel he wouldn't flinch if I called him "Zhenya", as those close to him might. He's eager to show me what he knows about Australia. "I've walked the Harbour Bridge three times," he boasts. "It's a great journey but, to get to the top, it's one-and-a-half hours - many stops and the guide speaks so much. You walk for 10 minutes, then 15 minutes, then stop," he says.

It's clear Eugene Kaspersky is a man who's often in a hurry. Shingarev has warned that a definite no-go area during our conversation today is his private life and the kidnapping of his now 22-year-old son, Ivan, three years ago as he walked to work from his Moscow apartment. (Ivan is his only child with his first wife, Natalya, whom he divorced in 1998.)

It would be a searing experience for any parent but, on April 19, 2011, when Kaspersky first learnt while on a visit to London that Ivan had been taken, he, at least, had friends in the right places. The abductors wanted €3 million for Ivan's safe return. Kaspersky immediately called his contacts in the cyber-security department of the FSB and the Russian police who, after four days spent analysing the data that was coming through to them by way of the captors' phone calls, tracked Ivan's whereabouts to a country house on Moscow's outskirts. Undercover FSB operatives lured the kidnappers to a meeting point on the pretext of offering them a down-payment on the ransom and, while they were out, other officers swooped on the cabin, freeing Ivan and arresting the kidnappers. No ransom was ever paid.

In the aftermath of the kidnapping, Kaspersky drew the blinds on his private life, blaming the Russian version of Facebook, VKontakte, for the sting and telling the Kremlin-sponsored Russia Today network that Ivan's abductors found him because his son had posted his address on his VKontakte page. His reaction to the event demonstrated his deep concerns regarding online privacy and internet control. It was music to the ears of those inside the Kremlin.

Opposition to the rigging of Russia's 2011 parliamentary elections and to the impending return of Vladimir Putin to the presidency was gaining momentum. Both the Kremlin and the FSB were looking for a reason to close down the VKontakte pages of a number of high-profile opposition figures in order to stop what nonetheless occurred: mass protests.

Geek magazine Wired claimed in a profile of Kaspersky last year that he was trained by the KGB, which gave him strong links to the Kremlin, whose masters permit him to make as much money as he wants. Odd, posited the article, that so much of our digital data is in the safe-keeping of a KGB-trained, virus-obsessed genius who dismantles Western-devised cyber-weapons (about which, more later), while dreaming up ways to put a lid on internet freedom - and social media, in particular. "This article," he fumes. "Every sentence is almost correct - but not quite."


Kaspersky was a maths prodigy. Born in Novorossiysk on the Black Sea in the then USSR, he moved to Moscow, aged nine, with his engineer father and history-archivist mother. By 16, he was taking extra classes in physics and maths at a specialised school affiliated with Moscow State University. After he graduated from school, Kaspersky spent five years at the Institute of Cryptography, Telecommunications and Computer Science, administered by the KGB. The institute, he says, offered the best mathematics courses available in the old USSR.

At the end of his studies, he completed his military service at the Research and Development Institute run by the Soviet Ministry of Defence, working in "strategic operations and intelligence".

"Unfortunately, I wasn't a very good cryptographer: I was a software engineer," he says, with more than a hint of faux self-deprecation. Here, he began identifying viruses and developing a reputation as a malware expert. In 1989, he encountered a virus called Cascade, which caused the characters on a DOS screen to fall to the bottom in a random pile of letters and numbers. He disassembled the virus and developed a program to disable it. Each time a new virus appeared, say his friends, he'd sit at his computer for hours on end working out how to neutralise it.

At the same time, the business bug was beginning to bite for Kaspersky, just as it was for literally millions throughout the republics of the then-communist Soviet giant. He was not only collecting and identifying viruses at his desk in the Research and Development Institute, he was selling computers, too.

But then, he says, "after about half a year of pondering, I decided to become a free agent." Kaspersky sought - and was granted - early dismissal from military service. By 1991, he had teamed up with one of his tutors from the Institute of Cryptography and developed the AVP anti-virus project that was able to detect more viruses than any other software then available. It was the program upon which an empire would be built.

In 1997, six years after the collapse of Soviet power, Kaspersky, his then-wife, Natalya, and a friend, Alexey De-Monderik, decided to break away and form their own company. When Kaspersky Lab opened its first office, in Moscow, malware was clumsy and unsophisticated and the culprits were easy to catch. The Lab's first products were innovative and clever, catching out the miscreants with relatively simple programs.

By the time the next big phase of malware made itself known, around 1999 - worms arriving as attachments in emails - Kaspersky Lab was flourishing. The challenges grew by the day. Chasing the bad boys became a task bigger and more difficult than merely identifying and disabling the daily deluge of Trojan viruses and bots (where the attacker gains complete control of an infected computer). The new challenge was to stop the bad boys identifying what the good guys were planning to do to stop them.

"The first language in cyber-crime is Chinese," he says. "The second is Spanish and Portuguese. The third is Russian. Russians have the best quality of malware and the best software engineers are Russian. But the other side of the coin? Russian cyber-criminals are the best also," he laughs.

These days, he adds darkly, the culprits are nation states and "hacktivists" - political activists who hack to further their cause. The former member of the Soviet Communist Party's youth wing, Komsomol, now works "with the FBI in the US, cyber-police in Europe and cyber-police in Brazil. Not in Australia at the moment, but we are open for co-operation."

In 2010, it was Kaspersky's geeks who busted the infamous Stuxnet virus - a US-Israeli cyber-weapon aimed at disabling Iran's nuclear weapons program. Last year, Kaspersky Lab discovered a data-snatching virus called Flame that also had Tehran in its sights. Flame mapped and monitored Iran's computer network, remitting valuable intelligence to the US in preparation for a cyber-warfare campaign.

Despite these Washington-defying conquests, NATO member countries have been knocking at Kaspersky's door, looking for advice on how to protect themselves against cyber-espionage. "We signed a contract with the German railways," he says, "and also a couple of military contracts in Europe."

In Russia, where only the favoured are permitted to become fabulously wealthy, the claim that Kaspersky Lab has gone from strength to strength unfettered because its CEO has the Kremlin on side would be unremarkable except for the amount of data that passes through his business from across the globe.

Kaspersky denies that his ties to the Kremlin are close ones (he's met Putin only once) and that he is a member of Russia's famed class of oligarchs - those exceptionally wealthy businessmen who are willing to toe the Kremlin's often-undemocratic political line in order to pursue their interests unhindered. In fact, says Kaspersky, he's only ever met one Russian oligarch, Oleg Deripaska, the CEO of aluminium giant Rusal. "We were in Singapore for the Russian economic forum three years ago," says Kaspersky. "It was the first and last time I met any of these people."

He denies, too, that Kaspersky Lab operates freely because it has the blessing of another famed Russian group - the siloviki, a loose gathering of nationalist-minded, security-agency officials closely linked to the Kremlin. "This is bullshit," says Kaspersky, exasperated. "Most IT businesses in Russia have no connection to siloviki, because they don't need it." The security agencies need him more than he needs them.

"I don't have a regular connection to Kremlin," he reiterates strongly. "I don't have it. Only with FSB and police officers responsible for cyber crime. It is the same as we do in the rest of the world."

In Kaspersky's world, there are three major cyber-problems: online privacy, cyber-crime and social media. "There are some reports that, in some cases, social media were used to misinform people in the Middle East." He's referring, of course, to the 2011 Arab Spring. The Kremlin is less than impressed that social media is similarly able to stir the collective ire of protesters in Moscow, as it's reputed to have done prior to the 2012 election. VKontakte, the share register of which was recently raided by a fund owned by a Putin ally, has refused to close down anti-Putin protest pages.

"Every country has some internal problems, so it is possible to misuse social media to convert problems from sleeping problems to the active phase. Every country," he smiles, "except Switzerland, Australia and New Zealand. I don't want to say that social media must be under strict control. But I see the problem." And he does think controls should be placed on it. "If you pour some fake data, fake information, but just say 10 to 15 people are reading you, it doesn't matter," he continues. "But if there is one million people reading you, it is [mass] media. I think it's a very good idea to have a tool for police to find people who are using social media in the wrong way and, in the same time, to guarantee their [the users'] anonymity."

The tool he suggests is an internet passport; anyone using the internet for anything, other than email and Skype, would need one. Full stop. To get one, explains Kaspersky - who is also a prolific tweeter - a user would need to register his or her name, address and other identifying information.

This would allow governments to trace social-media "trouble-makers" via their internet passport, which sounds a little too close for comfort to a Big Brother scenario. But he is insistent: "We must define the right balance between security of information and freedom. What we have at the moment is anarchy, and anarchy is not freedom." He says anonymity would be preserved by allowing internet users to use a traceable proxy. "If you behave in a wrong way in social media, if there is a legal request from police to find you, they will come to this proxy and they will trace the bad guys. But in social media, no one is able to recognise who you are."

And who would hold all the identifying information? The International Telecommunications Union of the UN, whose job it is to enlighten the world about the positives of a digitally connected world - and with which Kaspersky co-operates in the investigation of cyber-crime - put its hand up for the job in 2012. The US and others opposed the move and it never came to pass.

"Maybe it has to be a new organisation, or a new international treaty which is sponsored by the top economies, the countries that really contribute to internet development," says Kaspersky. In other words, those countries that make the greatest technological contributions would have the greatest power to determine how the world uses the internet, he says. "I would suggest a new international treaty, with the G20, with Interpol or the UN to manage the internet."

Plenty don't agree. Stephen Wilson, managing director of Lockstep, an Australian-based company that consults on emerging identity technologies, is among them. "His idea of an 'internet passport' is frankly nuts," Wilson says. "To do business, we're always giving up circumstantial evidence of who we are, and that information is hoovered up by criminals and used against us. A new 'passport' would just be a new single point of failure, a privacy disaster and a highly attractive target for thieves."

It's a view I put to Kaspersky. "More anonymity to save security? How?" he asks, genuinely perplexed. "It will be paradise for cyber-criminals. Well, it is paradise for them. One hundred per cent anonymous to make flights more safe and secure? No identity to book an air ticket?" he asks in amazement.

Why would such a treaty succeed where international agreements have thus far failed to stem lesser threats to national security, such as internet fraud? They failed, Kaspersky says, "because [the agreements] were under Interpol. Interpol does not have enough of the tools - legal and organisational - to fight the problem. Interpol was designed to connect police departments in different countries. Interpol is not designed [currently] for cyberspace." But, he adds, times are changing and reform is on its way. "Interpol is opening an office in Singapore. A cyber-Interpol office."

Create the tools for control, make those with the ability to create cyber-weapons sign up, and punish any breaches. It's a quick and easy solution - like the treaties banning nuclear weapons or weapons of mass destruction, believes Kaspersky, a man who likes to find solutions.

"I'm off to New Zealand for three weeks," he says as he bids me farewell. But even when he's far from home, "hiking, driving, chilling and having fun" as his aide Shingarev puts it, he still has his finger on the social media button. His tweets are about - you guessed it - the cyber-world and its problems.

But then, his Twitter account profile does say, "Eugene Kaspersky: Waging war against malware for 24 years. Mainly on the road."
